CISM Certification Boot Camp

Day 0 – Preparation Prior to Class

Our ISACA CISM Training Camp is designed for busy IT and security professionals, with no mandatory self-study required. However, if you want to enter class with some pre-study under your belt, focusing on the following areas could be beneficial:

• Information Security Governance: Understanding the development and management of security strategies aligned with business objectives and regulatory requirements.
• Risk Management: Familiarize yourself with the process of identifying, assessing, and mitigating security risks in an enterprise environment.
• Information Security Program Development: Basics of designing and managing a security program, including policy development and resource management.
• Incident Management: Strategies for planning, detecting, responding to, and recovering from security incidents.
• Security Controls and Compliance: Overview of key security frameworks, standards, and compliance requirements, including ISO, NIST, and other relevant guidelines.

Module 1: Information Security Governance

• Overview and Objectives:
  • Importance of governance in managing enterprise security.
  • Aligning information security strategy with organizational goals.
• Key Topics:
  • Establishing and maintaining an information security governance framework.
  • Integrating information security into enterprise governance.
  • Developing information security policies, procedures, and standards.
  • Metrics and reporting for information security governance.
• Practical Exercises:
  • Case studies on developing governance frameworks.
  • Creating and reviewing sample security policies and procedures.
• Practice Questions and Review

Module 2: Information Risk Management

• Overview and Objectives:
  • Identifying and managing information security risks in alignment with organizational goals.
• Key Topics:
  • Identifying, assessing, and evaluating risks.
  • Risk treatment strategies: avoidance, mitigation, acceptance, and transfer.
  • Communicating risk to stakeholders.
  • Developing and maintaining a risk management program.
• Practical Exercises:
  • Conducting risk assessments and risk analysis.
  • Risk treatment planning and reporting exercises.
• Practice Questions and Review

Module 3: Information Security Program Development and Management

• Overview and Objectives:
  • Designing and implementing an information security program aligned with organizational objectives.
• Key Topics:
  • Establishing and maintaining the information security program.
  • Aligning the program with business strategy, legal requirements, and industry standards.
  • Security awareness and training.
  • Resource management and defining roles and responsibilities.
• Practical Exercises:
  • Building an information security roadmap.
  • Developing security awareness training modules.
• Practice Questions and Review

Module 4: Information Security Incident Management

• Overview and Objectives:
  • Establishing and maintaining an effective information security incident management program.
• Key Topics:
  • Planning and preparing for incident response.
  • Detecting, responding to, and recovering from security incidents.
  • Developing and implementing an incident management process.
  • Communication strategies and lessons learned from incidents.
• Practical Exercises:
  • Incident response simulation exercises.
  • Post-incident analysis and reporting.
• Practice Questions and Review